implement-plan
Pass
Audited by Gen Agent Trust Hub on Mar 1, 2026
Risk Level: SAFE | COMMAND_EXECUTION | PROMPT_INJECTION
Full Analysis
- [COMMAND_EXECUTION]: The skill executes git commands (status, checkout, commit, push) and triggers repository-specific testing and linting tools as described in the DevOps workflow.
- [PROMPT_INJECTION]: The skill is susceptible to indirect prompt injection (Category 8) because its core function is to implement plans sourced from external GitHub issue content.
  - Ingestion points: GitHub Issue details and comments accessed in steps 2 and 3 of the SKILL.md file.
  - Boundary markers: Absent; no delimiters or explicit warnings are used to differentiate the external issue data from the agent's internal instructions.
  - Capability inventory: Git branch management, code implementation (file modification), PR generation, and execution of local test/linting scripts.
  - Sanitization: Absent; the skill does not include steps to validate or sanitize technical designs or implementation steps found within the issues before execution.
Audit Metadata